[Snort-devel] [ snort-Bugs-420109 ] Segfault in fragcompare (snort-1.7)

noreply at ...12... noreply at ...12...
Thu Sep 27 23:44:04 EDT 2001


Bugs item #420109, was opened at 2001-04-30 03:58
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=420109&group_id=3357

Category: None
Group: None
>Status: Closed
>Resolution: Fixed
>Priority: 1
Submitted By: Peer Stritzinger (peerst)
>Assigned to: Dragos Ruiu (dragosr)
Summary: Segfault in fragcompare (snort-1.7)

Initial Comment:
After runnin a few days snort suddenly segfaulted.

Arch/OS: x86 running BSD/OS 4.1
Snort-version: 1.7
Rules: Distributed with 1.7

snort -c <path-to>/ids/snort/snort.conf
(snort.conf is a copy of the one distributed with
HOME_NET set and "preprocessor portscan-ignorehosts:
$HOME_NET $DNS_SERVERS"  added.

I got a lot of 
[**] Incomplete Packet Fragments Discarded [**]
from my HOME_NET (cause NFS)

Core backtrace (will keep corefile ask me if you need
more info)

Program terminated with signal 11, Segmentation fault.
#0  0x805a0fa in fragcompare (i=0x84ad800, j=0x84ad800)
at spp_defrag.c:171
171         if(SADDR(i) > SADDR(j))
(gdb) bt
#0  0x805a0fa in fragcompare (i=0x84ad800, j=0x84ad800)
at spp_defrag.c:171
#1  0x805a297 in fragsplay (i=0x84ad800, t=0x84d1430)
at spp_defrag.c:244
#2  0x805a442 in fragdelete (i=0x84ad800, t=0x84d1430)
at spp_defrag.c:378
#3  0x805a894 in ReassembleIP (froot=0x84d1430) at
spp_defrag.c:736
#4  0x805aabf in PreprocDefrag (p=0x80473c8) at
spp_defrag.c:909
#5  0x8052cc5 in Preprocess (p=0x80473c8) at
rules.c:3016
#6  0x804a556 in ProcessPacket (user=0x0,
pkthdr=0x80f2dec, pkt=0x80f2dfe "")
    at snort.c:463
#7  0x8068b6c in pcap_read ()
#8  0x8068fb3 in pcap_loop ()
#9  0x804b2fe in InterfaceThread (arg=0x0) at
snort.c:1278
#10 0x804a457 in main (argc=3, argv=0x80478a4) at
snort.c:397


----------------------------------------------------------------------

>Comment By: Martin Roesch (roesch)
Date: 2001-09-27 23:39

Message:
Logged In: YES 
user_id=18573

Upgrade to 1.8.1 please, there is a whole new defrag system
in 1.8.1.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=420109&group_id=3357




More information about the Snort-devel mailing list